Openssl 1.1.0 and certbot-auto


i upgraded openssl to version 1.1.0 and since then, i’m having problems. The latest one being that when i run certbot-auto renew command and it tries to update dependencies i get an error when updating Python packages:
Bootstrapping dependencies for Debian-based OSes…

build/temp.linux-x86_64-2.7/_openssl.c:73163:12: error: invalid application of ‘sizeof’ to incomplete type ‘RSA’
build/temp.linux-x86_64-2.7/_openssl.c:73163:5: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73163:5: error: (near initialization for ‘_cffi_struct_unions[131].size’)
build/temp.linux-x86_64-2.7/_openssl.c:73163:18: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73163:18: error: (near initialization for ‘_cffi_struct_unions[131].alignment’)
build/temp.linux-x86_64-2.7/_openssl.c:73167:12: error: invalid application of ‘sizeof’ to incomplete type ‘X509_STORE_CTX’
build/temp.linux-x86_64-2.7/_openssl.c:73167:5: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73167:5: error: (near initialization for ‘_cffi_struct_unions[133].size’)
build/temp.linux-x86_64-2.7/_openssl.c:73167:29: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73167:29: error: (near initialization for ‘_cffi_struct_unions[133].alignment’)
error: command ‘gcc’ failed with exit status 1


Command “/root/.local/share/letsencrypt/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-build-6Hlugw/cryptography/’;exec(compile(getattr(tokenize, ‘open’, open)(file).read().replace(’
’, ‘
’), file, ‘exec’))” install --record /tmp/pip-uP5fq5-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography” failed with error code 1 in /tmp/pip-build-6Hlugw/cryptography
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the ‘pip install --upgrade pip’ command.

I have the latest pip, nor is there a problem with memory, since i have 2Gigs of RAM and 1Gig of swap.

Please advise,
Best regards

If I’m reading the code correctly, certbot-auto currently uses python-cryptography version 1.3.4, which does not appear to support OpenSSL 1.1.0.

You’ll probably have to wait for that dependency to be updated. Not sure if that’s being worked on. I believe a number of popular projects are not quite compatible with OpenSSL 1.1.0 yet, so I guess sticking with the previous release branch for a while longer (at least system-wide; you could still compile your (web)server against that release, if it’s supported) would make your life a bit easier for now. :smile:

1 Like

Yeah, everything broke when i upgraded… From Ruby, to Python.

In risk of sounding silly, how do i switch branches? How do i set a system wide previous release?

Depends a bit on how you installed 1.1.0. It might be as simple as deleting files belonging to openssl from /usr/local. If you didn’t manually uninstall the openssl-related packages your distribution comes with, they’ll probably be used again once those files are gone.


I still have both instalations. The previous version in /usr and a new one in /usr/local. I’ll try that.

Thanks for your help.

It worked… Just did make uninstall and everything is working top notch. Thanks again!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.